-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 #863
ci(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 #863
Conversation
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.2 to 6.0.5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@70a41ab...6d6857d) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…te-pull-request-6.0.5
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
11014523 | Triggered | Base64 Generic High Entropy Secret | 3e84861 | Tests/Unit Tests/Mocks.swift | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Generated by 🚫 Danger Swift against 2dd80fb |
…te-pull-request-6.0.5
Quality Gate passedIssues Measures |
Appetize link: https://appetize.io/app/4wiuo5k2i5n3x6xvu4zf6svkwi |
Bumps peter-evans/create-pull-request from 6.0.2 to 6.0.5.
Release notes
Sourced from peter-evans/create-pull-request's releases.
Commits
6d6857d
fix: update proxy support to follow octokit change to fetch api (#2867)9153d83
perf: limit the fetch depth of pr branch (#2857)c55203c
fix: drop unnecessary fetch with unshallow on push-to-fork (#2849)6ce4eca
build(deps-dev): bump@types/node
from 18.19.28 to 18.19.31 (#2842)36ef0ed
build(deps-dev): bump@types/node
from 18.19.26 to 18.19.28 (#2836)8500972
build(deps-dev): bump@types/node
from 18.19.25 to 18.19.26 (#2831)bda5ade
build(deps-dev): bump@types/node
from 18.19.23 to 18.19.25 (#2826)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)